[wpkg-users] Can't use computer account authentication with WPKG Client 1.3.6
K.E.Jones at bton.ac.uk
K.E.Jones at bton.ac.uk
Mon Nov 10 19:56:14 CET 2008
Hi,
> -----Original Message-----
> From: kpa at hrz.tu-chemnitz.de [mailto:kpa at hrz.tu-chemnitz.de] On Behalf Of Kai Pastor
> Sent: 10 November 2008 12:26
> To: Jones Keith
> Cc: wpkg-users at lists.wpkg.org
> Subject: RE: [wpkg-users] Can't use computer account authentication with WPKG Client 1.3.6
>
> > -----Original Message-----
> > From: K.E.Jones at bton.ac.uk [mailto:K.E.Jones at bton.ac.uk]
> > Sent: Friday, November 07, 2008 11:16 PM
> ...
> > Question :-)
> >
> > In theory, (although it's probably not as simple programmatically)
> doesn't
> > LocalSystem attempt connections as the machine account? By that I mean,
> > <computername>$ and not just <computername>.
>
> Yes, this is the case, and I use it for WPKG Client <= 1.3.5.
>
> > Is the "use computer credentials" option just because people are missing
> the
> > point of adding a $ to the computer name or share security?
> >
> > Sorry... it's a naïve thought again but I could see it as a easy
> oversight.
> >
> > I've spent far too much time handling this idea in scripts!
>
> It doesn't matter whether you specify SYSTEM, DOMAIN\MACHINE or
> DOMAIN\MACHINE$. You don't know the password for the machine account, and so
> you get an error.
> Apart from that, I want to deploy WPKG Client with a common settings.xml to
> a number of machines. For this purpose there must be no machine-dependent
> part in the settings.
>
Ahh... yes I see what you mean! I was firmly grasping the wrong end of the stick
and thinking it was just a security issue.
The client needs to detect a blank username/password for the sources path and
make sure WNetAddConnection2 is called with null to make the connection in the context
of LocalSystem. Does that sound right?
Okay, I can't see that happening in the 1.3.5 code. Well I haven't found it yet...
Rainer: Is the 1.3.6 source available yet? Is this the problem for Kai? Maybe you
can do the same as for the service account and look for "SYSTEM" as the username?
I can have a go at patching it if you want :-)
Have fun,
Keefy
> Bye,
> Kai Pastor.
More information about the wpkg-users
mailing list